Contact Us Today 01642 716680

Brute Force Attack

Definition: A Brute Force Attack is a trial-and-error method used by attackers to guess login information, encryption keys, or find a hidden web page. Attackers systematically check all possible passwords or passphrases until the correct one is found.

Brute Force Attacks are considered a rudimentary but still potentially effective way to gain unauthorised access to user accounts and systems. Due to their simplicity, these attacks are commonly attempted against systems that do not employ lockout policies or more sophisticated authentication measures, such as Multi-Factor Authentication. With today’s computational power, even complex passwords can be vulnerable to Brute Force Attacks, especially when no mechanisms are in place to slow or hinder the attack progress.

Brute Force Attacks can be mitigated by employing account lockout policies after a certain number of failed attempts, using captcha systems to prevent automated submissions, implementing time delays between attempts, and encouraging users to create long, complex passwords that are not susceptible to quick discovery through brute force methods.

Key Characteristics:

  • Trial-and-Error Method: An attack approach that systematically tries all possible combinations for a password.
  • Simplicity: Can be used by attackers with varying skill levels, requiring no sophisticated techniques.
  • Time-Consuming: The success of the attack depends on the password’s complexity and length; more complex passwords require more time to crack.
  • Potentially Effective Against Weak Security Measures: Systems that lack robust authentication protocols are susceptible to Brute Force Attacks.


  • Real-World Example: An attacker uses a Brute Force Attack to guess an email password by trying different combinations of letters and numbers until the correct password is identified.
  • Hypothetical Scenario: A cybercriminal attempts to access a secure file by running a Brute Force Attack against its encryption key, trying every possible key combination until the right one decrypts the file.

Related Terms:

  • Dictionary Attack: A type of Brute Force Attack that uses a list of pre-compiled guesses, often derived from lists of common passwords and phrases.
  • Credential Stuffing: A related cyber attack strategy where stolen account credentials are used to gain unauthorised access to user accounts through large-scale automated login requests.
  • Multi-Factor Authentication (MFA): A security measure that requires multiple methods of authentication, which can help prevent unauthorised access even if a password is compromised.

What is the OWASP Top 10: Download our flash cards to find out.

Inside you will find a description of the most common web vulnerabilities.

Contact us

Get a free, no obligation quote from one of our expert staff.